Which line does it die on? Setting the userPassword attribute probably
won't work. Normally, you have to call SetPassword.
Also, the code I gave you is backward, as it is setting the account to be
disabled. You need to set it to "not disabled". Sorry about that. I was
trying to respond too quickly. :)

Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"

I modified the code based on your input and have also modified the
policy so that the password for the user is no longer needed, but I
still get the following exception:
System.DirectoryServices.DirectoryServicesCOMException was caught
Message="The server is unwilling to process the request. (Exception
from HRESULT: 0x80072035)"
ExtendedErrorMessage="00002077: SvcErr: DSID-0319051D, problem 5003
(WILL_NOT_PERFORM), data 0\n"
at AddUser.CreateUser(String strEmail, String firstName, String
lastName, String strUserName, String strPassword) in c:\ETL\AddUser
Here is the code I am using:
public void CreateUser(string strEmail, string firstName, string
lastName, string strUserName, string strPassword)
string strDomain = "LDAP://172.21.200.111:389/
const int ADS_UF_ACCOUNTDISABLE = 2;
DirectoryEntry obDirEntry = new DirectoryEntry(strDomain,
DirectoryEntries entries = obDirEntry.Children;
DirectoryEntry obUser = entries.Add("CN=Tony Lew",
obUser.Properties["sAMAccountName"].Value = "Tony Lew";
obUser.Properties["userPrincipalName"].Value = "Tony Lew";
PasswordGenerator passGen = new PasswordGenerator();
string strPwd = passGen.Generate();
obUser.Properties["userPassword"].Value = strPwd;
int current = (int)
int enabled = current | ADS_UF_ACCOUNTDISABLE;
obUser.Properties["userAccountControl"].Value = enabled;
// object obRet = obUser.Invoke("SetPassword", strPwd);
catch (Exception ex)
It fails right on the first call to CommitChanges, does not even get
to the part to set the password or enabling the account. From the AD
interface I can manually create a user without a password so that is
not an issue here, unless I am specifically missing something. I was
under the impression that I could add the user with disabled status
and then set the password under the old policy where the password was
needed but that did not work either even though the AD interface
allowed me to create a user manually without a password. Since that
did not work I just changed the policy to check if I can add the user
without a password but from the code it still does not work, however
it works from the AD interface.
I downloaded your Raw and Full Samples and did look through the code, but
could not seem to figure out something that is significantly missing
in my code. I am new to this and maybe I am missing something. As
always your input will be much appreciated.
On Mar 7, 4:02 pm, "Joe Kaplan"
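
Added example, not part of the thread and not code from either poster: one way to order the steps discussed above (create and commit the object, call SetPassword rather than writing userPassword, then clear the disabled bit instead of OR-ing it in). The class and method names, the parameters and the sample flag value in Main are assumptions for illustration; the caller supplies the container path and bind credentials.

```csharp
using System;
using System.DirectoryServices;

static class AdUserExample
{
    const int ADS_UF_ACCOUNTDISABLE = 0x2;

    // Clearing the bit enables the account; (current | flag) would disable it.
    public static int ClearDisabled(int uac) => uac & ~ADS_UF_ACCOUNTDISABLE;

    // Assumption: cn contains no characters that need escaping in a distinguished name.
    public static void CreateEnabledUser(string containerPath, string bindUser, string bindPassword,
        string cn, string samAccountName, string upn, string newPassword)
    {
        // Secure/Sealing/Signing request an authenticated, protected bind.
        using (var container = new DirectoryEntry(containerPath, bindUser, bindPassword,
                   AuthenticationTypes.Secure | AuthenticationTypes.Sealing | AuthenticationTypes.Signing))
        using (var user = container.Children.Add("CN=" + cn, "user"))
        {
            try
            {
                // Step 1: create the object with its naming attributes only.
                user.Properties["sAMAccountName"].Value = samAccountName;
                user.Properties["userPrincipalName"].Value = upn;
                user.CommitChanges();

                // Step 2: set the password through SetPassword, not userPassword.
                user.Invoke("SetPassword", new object[] { newPassword });

                // Step 3: re-read userAccountControl and clear the disabled bit.
                user.RefreshCache(new[] { "userAccountControl" });
                int current = (int)user.Properties["userAccountControl"].Value;
                user.Properties["userAccountControl"].Value = ClearDisabled(current);
                user.CommitChanges();
            }
            catch (DirectoryServicesCOMException ex)
            {
                // ExtendedErrorMessage carries the server-side detail (e.g. WILL_NOT_PERFORM).
                Console.Error.WriteLine("0x{0:X8}: {1}", ex.ErrorCode, ex.ExtendedErrorMessage);
                throw;
            }
        }
    }

    static void Main()
    {
        // Constructed sample value: NORMAL_ACCOUNT | PASSWD_NOTREQD | ACCOUNTDISABLE.
        Console.WriteLine("0x{0:X}", ClearDisabled(0x222));
    }
}
```

Main only exercises the flag arithmetic, so it runs without a directory; CreateEnabledUser needs a reachable domain controller and an account allowed to create users in the target container.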